Today
Top Secret/SCI
Mid Level Career (5+ yrs experience)
$100,000 - $125,000
No Traveling
IT - Software
San Antonio, TX (On-Site/Office)
Seeking a Signature Writer - Intermediate - Cybersecurity in support of a mission critical SOC for the USAF.
Requirements:
- Active TS/SCI
- More than 3 years’ experience implementing signatures on HIPS devices.
- 3+ years’ experience using Regular Expressions, YARA, and Snort-equivalent to create custom IPS/IDS signatures. BA/BS or MA/MS
- More than three (3) years of experience implementing signatures on Host based Intrusion Protection System (HIPS) devices.
- Proficient in PowerShell with more than one (1) year of experience.
- Extensive knowledge of Windows internals.
- Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects).
- More than three years of experience using Regular Expressions, YARA, and Snort equivalent to create custom IPS/IDS signatures
Desired:
- More than five (5) years of experience implementing behavior‐based (heuristic and anomaly‐based) signatures on IDS/IPS/Host based Intrusion Protection System (HIPS) devices on AF approved devices as well as DISA’s Joint Regional Security Stacks (JRSS).
- Proficient in Python and PowerShell. SANS GCFA or equivalent certification.
Duties:
- Analyze, interpret, and utilize Regular Expressions, YARA, and Snort‐like capabilities in the creation of custom signature sets.
- Develop and document IPS/IDS SOPs. (CDRL A008)
- Investigate intrusion events, host files, network files, and memory, to dissect and extrapolate information necessary for the development of custom signatures.
- Analyze deployed signatures to reduce false positive rate and perform signature maintenance.
- Create, modify, and manage, Security Orchestration and Automation workflows for operational use and execution.
- Automate tasks using a common programming or scripting language.
- Utilize Linux systems, UNIX/Linux shell scripting (bash), Python, PowerShell.
- Develop, Test, Deploy, and Manage signatures, rules and filters for capabilities such as; IDS, IPS, firewall, web application firewall, proxy and SIEM systems. (CDRL A007)
- Migrate, tune, and document existing and future AF signatures/detections to new tools and systems as they become available. (CDRL A007)
- Provide support to external units and work centers as approved by AFCERT leadership. (CDRL A007)
- Automate processes and procedures using scripts and SQL/database administration (CDRL A007)
- Provide training and knowledge transfer to government personnel as requested.
- Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate.
- Maintain currency on latest industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures. (CDRL A002)
- Create, document, and report metrics for analysis to improve weapon system processes and mission execution. (CDRL A009).
---
Company Benefits:
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following:
- Medical, dental & vision
- Critical Illness, Accident, and Hospital
- 401(k) Retirement Plan � Pre-tax and Roth post-tax contributions available
- Life Insurance (Voluntary Life & AD&D for the employee and dependents)
- Short and long-term disability
- Health Spending Account (HSA)
- Transportation benefits
- Employee Assistance Program
- Time Off/Leave (PTO, Vacation or Sick Leave)
Requirements:
- Active TS/SCI
- More than 3 years’ experience implementing signatures on HIPS devices.
- 3+ years’ experience using Regular Expressions, YARA, and Snort-equivalent to create custom IPS/IDS signatures. BA/BS or MA/MS
- More than three (3) years of experience implementing signatures on Host based Intrusion Protection System (HIPS) devices.
- Proficient in PowerShell with more than one (1) year of experience.
- Extensive knowledge of Windows internals.
- Extensive knowledge of MITRE ATT&CK framework, and its uses within the cybersecurity community (e.g., Open Source projects).
- More than three years of experience using Regular Expressions, YARA, and Snort equivalent to create custom IPS/IDS signatures
Desired:
- More than five (5) years of experience implementing behavior‐based (heuristic and anomaly‐based) signatures on IDS/IPS/Host based Intrusion Protection System (HIPS) devices on AF approved devices as well as DISA’s Joint Regional Security Stacks (JRSS).
- Proficient in Python and PowerShell. SANS GCFA or equivalent certification.
Duties:
- Analyze, interpret, and utilize Regular Expressions, YARA, and Snort‐like capabilities in the creation of custom signature sets.
- Develop and document IPS/IDS SOPs. (CDRL A008)
- Investigate intrusion events, host files, network files, and memory, to dissect and extrapolate information necessary for the development of custom signatures.
- Analyze deployed signatures to reduce false positive rate and perform signature maintenance.
- Create, modify, and manage, Security Orchestration and Automation workflows for operational use and execution.
- Automate tasks using a common programming or scripting language.
- Utilize Linux systems, UNIX/Linux shell scripting (bash), Python, PowerShell.
- Develop, Test, Deploy, and Manage signatures, rules and filters for capabilities such as; IDS, IPS, firewall, web application firewall, proxy and SIEM systems. (CDRL A007)
- Migrate, tune, and document existing and future AF signatures/detections to new tools and systems as they become available. (CDRL A007)
- Provide support to external units and work centers as approved by AFCERT leadership. (CDRL A007)
- Automate processes and procedures using scripts and SQL/database administration (CDRL A007)
- Provide training and knowledge transfer to government personnel as requested.
- Provide OJT to other contractor employees, military, and/or civilian personnel, and ensure continuity folders/working aids are updated at least once per quarter in order to ensure efficient transition when personnel rotate.
- Maintain currency on latest industry trends and provide operational reports/assessments for development of tactics, techniques, and procedures. (CDRL A002)
- Create, document, and report metrics for analysis to improve weapon system processes and mission execution. (CDRL A009).
---
Company Benefits:
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following:
- Medical, dental & vision
- Critical Illness, Accident, and Hospital
- 401(k) Retirement Plan � Pre-tax and Roth post-tax contributions available
- Life Insurance (Voluntary Life & AD&D for the employee and dependents)
- Short and long-term disability
- Health Spending Account (HSA)
- Transportation benefits
- Employee Assistance Program
- Time Off/Leave (PTO, Vacation or Sick Leave)
group id: 10105424
Accelerating IT transformation in the public sector
